.TH DES 3 "04 October 1993" "Linux" "Linux Programmer's Manual"
.SH NAME
desinit, setkey, endes, dedes, desdone - DES encryption
.SH SYNOPSIS
.PP
.B desinit(mode)
.B int mode;
.PP
.B setkey(key)
.B char *key;
.PP
.B endes(block)
.B char *block;
.PP
.B dedes(block)
.B char *block;
.PP
.B desdone();
.SH DESCRIPTION
These routines implement both standard and modified forms of the NBS Data
Encryption Standard (DES). The user must first call
.B desinit
with one of three operating modes:
.PP
0 - Standard, vanilla DES.
.PP
1 - DES with the initial and final permutations removed.
As these permutations do not strengthen the algorithm,
they are widely regarded as having no purpose other than to slow
down software implementations.
Removing them speeds it up but of course the algorithm is no longer standard
and it will not be compatible with hardware DES chips.
.PP
2 - DES with the initial and final permutations removed, and with independent
48-bit subkeys for each of the 16 rounds. Needless to say this is even
less standard than mode 1, but if properly used (randomize ALL key bytes --
no padding!) it should strengthen the algorithm.
.PP
After calling
.B desinit
the user next calls
.B setkey.
In modes 0 and 1, 8 key bytes are expected, with the low order bit of
each key byte ignored (parity is not checked). This gives a 56-bit key.
In mode 2, 128 key bytes are expected; the high order 2 bits of each byte are
ignored, giving a 768 bit key.
In this mode, the first 8 bytes will be used in the first round, the
second 8 bytes in the second round, and so on.
.PP
Once the key is set, the user may perform in-place encryption and decryption
of 8-byte blocks of data with calls to
.B endes
and
.B dedes.
.PP
To free up memory dynamically allocated by
.B desinit
the user may call
.B desdone.
If further encryption or decryption is to be done,
.B desinit
and
.B setkey
must be called again.
.SH AUTHORS
Phil Karn, KA9Q, building heavily on the earlier public domain code
by Jim Gillogly.
Chris Cappuccio (chris@g386bsd.first.gmd.de)
